How to use Nmap under Windows and Linux?


Last updated: July 3, 2022

Nmap is an open source port scanner that can also identify the operating system of a remote host. Network administrators use it more and more because it gives very precise information about what a network exposes.

Nmap is available under Linux, Windows and Mac OS.

In this article we will look at the basic use of Nmap, then use it to find the weak points of your network and your machines before someone else does.

What is the role of Nmap?

The purpose of the Nmap scanner is simple: it lets you find, in a very short time, all the open ports on a remote machine. It also tells you the type and version of the OS running on that machine.

For example, thanks to Nmap we can discover that a system runs a certain version of Windows Server. If that version of Windows has publicly listed vulnerabilities, attacks can then be launched against them to take control of the machine.

Nmap installation

On Windows

First, download the Nmap .exe installer.
Once the file has downloaded, double-click it. The installation wizard opens; click Next, I Agree, Next, Next.


Then click Install, and then Finish.
At the end of the installation, open the command prompt and move to the Nmap folder, "C:\Program Files (x86)\Nmap", with the following commands:

c:
cd "\Program Files (x86)\Nmap"

Note that Nmap for Windows now includes a GUI (Zenmap). If you prefer to use the interface, there should be a new icon on your desktop.

Here, however, we will show you how to use Nmap from the command line: it is quick and more convenient.

On Linux

On Debian-based distributions, the nmap package is in the standard repositories, so you only have to type the following command:

sudo apt-get install nmap

If you use Kali Linux, you do not need to install anything: Nmap is already present on the system.
Finally, if you use a distribution based on RPM packages (Red Hat, Mandrake, SUSE, etc.), these simple commands usually do the trick:

rpm -vhU https://nmap.org/dist/nmap-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/zenmap-7.80-1.noarch.rpm
rpm -vhU https://nmap.org/dist/ncat-7.80-1.x86_64.rpm
rpm -vhU https://nmap.org/dist/nping-0.7.80-1.x86_64.rpm

Note that on Linux, you can also use Nmap with a graphical interface thanks to Zenmap.

How to use Nmap?

Identify the operating system of a remote machine

OS detection sends raw packets, so run it as root (sudo) on Linux or from an administrator prompt on Windows:

nmap -O 127.0.0.1

If Nmap cannot identify your OS version, you can display a list of systems that could potentially match:

nmap -O --osscan-guess 127.0.0.1

Discover machines on a network

To identify all the machines on your network (here a /24, the usual size of a home or small office LAN), run a ping scan with -sn, which discovers hosts without scanning their ports:

nmap -sn 192.168.0.0/24

See the open ports on a machine

A port scan lets you see how your machine is seen from the outside and which services are reachable. Conversely, a port scan lets an attacker see the services running remotely in order to find a flaw in one of them and go further in the attack.

nmap 127.0.0.1

To scan a specific port, here port 80 (HTTP):

nmap -p 80 127.0.0.1
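The commands in the "Discover machines" and "See the open ports" sections only print results to the terminal. To turn them into a check you can repeat, save the scan with -oX and compare it with what you expect to find. The script below is an added example, not code from the article or from the Nmap project: it parses Nmap's XML output (the element names match the real -oX format) and reports hosts that are not in your inventory and open ports that the inventory does not allow. The sample XML and the BASELINE dictionary are constructed for the example.

```python
"""Audit an Nmap -oX result against a known-host / allowed-port baseline.

Added example, not part of the original article. The XML layout below is
the one Nmap writes with `-oX`; the sample scan and the baseline are
constructed for illustration.
"""
import xml.etree.ElementTree as ET

# Constructed sample: what `nmap -sS -oX - 192.168.0.10-12` might produce
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX - 192.168.0.10-12">
  <host><status state="up"/>
    <address addr="192.168.0.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="192.168.0.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="192.168.0.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Constructed baseline: the hosts you know about and the ports they should expose
BASELINE = {
    "192.168.0.10": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
}


def parse_nmap_xml(xml_text):
    """Return {ip: {(proto, port), ...}} for every host Nmap reports as up."""
    hosts = {}
    root = ET.fromstring(xml_text)
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that did not answer are not inventoried
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                open_ports.add((port.get("protocol"), int(port.get("portid"))))
        hosts[addr.get("addr")] = open_ports
    return hosts


def audit(scan, baseline):
    """Compare a parsed scan with the baseline; return a sorted list of findings."""
    findings = []
    for ip, open_ports in sorted(scan.items()):
        if ip not in baseline:
            findings.append(f"unknown host {ip} is up with {len(open_ports)} open port(s)")
            continue
        for proto, port in sorted(open_ports - baseline[ip]):
            findings.append(f"{ip}: unexpected open port {port}/{proto}")
        for proto, port in sorted(baseline[ip] - open_ports):
            findings.append(f"{ip}: expected port {port}/{proto} is not open")
    return findings


if __name__ == "__main__":
    for line in audit(parse_nmap_xml(SAMPLE_XML), BASELINE):
        print(line)
```

Run it on a real scan by replacing SAMPLE_XML with the contents of the file written by `nmap -sS -oX scan.xml 192.168.0.0/24`; an empty findings list means the network looks exactly as your inventory says it should, and "unknown host" lines are the ones worth investigating first.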

Spoof MAC address

MAC address spoofing means changing a MAC address so that it resembles that of another network card. This technique is called "MAC spoofing". Nmap's --spoof-mac option accepts either a full address or a vendor name, in which case Nmap generates an address with that vendor's prefix:

nmap --spoof-mac 01:02:03:04:05:06 127.0.0.1
nmap --spoof-mac Cisco 127.0.0.1

See all open TCP ports

A SYN scan (-sS) of every TCP port (-p-); without -p-, Nmap only scans the 1,000 most common ports:

nmap -sS -p- 127.0.0.1

See all open UDP ports

UDP scans (-sU) are much slower, because an open UDP port often does not answer at all:

nmap -sU 127.0.0.1

FTP bounce scan

FTP bounce scanning is enabled with the -b option: it asks an FTP server to scan ports on your behalf. The technique is old, but it is still possible to find FTP servers that allow it.

In my case, I go through my local FTP server, which has the address 127.0.0.1, to scan a range of IP addresses:

nmap -b 127.0.0.1 192.168.0.0-255
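The reason bounce scans rarely work any more is a check on the server side: an FTP bounce relies on the PORT command, and a server that refuses a PORT whose address is not the client's own address cannot be used as a relay. The following is an added example, not code from the article or from any FTP server, showing that check in Python; the client address and the PORT lines are constructed sample input.

```python
"""Server-side check that defeats FTP bounce scans.

Added example, not from the original article. An FTP bounce scan sends a
PORT command naming a third-party host, so the server opens the data
connection there instead of back to the client. The functions below decode
a PORT command (RFC 959 format) and refuse one that does not point back at
the connected client. The addresses used here are constructed.
"""
import ipaddress


def parse_port_command(line):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (ip, port).

    Raises ValueError for anything that is not a well-formed PORT command.
    """
    verb, _, args = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = args.split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated numbers")
    nums = [int(f) for f in fields]
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT fields must be 0-255")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # high byte, low byte
    return ip, port


def is_bounce_attempt(client_ip, port_line):
    """True when the PORT target is not the connected client, or asks for a
    privileged (< 1024) data port. Servers hardened against bounce scans
    reject both cases, so the scan in the article gets no results through them."""
    target_ip, target_port = parse_port_command(port_line)
    if ipaddress.ip_address(target_ip) != ipaddress.ip_address(client_ip):
        return True
    if target_port < 1024:
        return True
    return False


if __name__ == "__main__":
    # Constructed: a legitimate active-mode transfer back to the client itself
    print(is_bounce_attempt("192.168.0.5", "PORT 192,168,0,5,195,80"))  # False
    # Constructed: the client asks the server to connect to another host's port 22
    print(is_bounce_attempt("192.168.0.5", "PORT 192,168,0,20,0,22"))  # True
```

If you run an FTP server yourself, this is the behaviour to verify: a PORT command naming any address other than the connecting client should be answered with an error, not with a data connection.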

The real usefulness of Nmap for pentesters lies in combining it with the Metasploit Framework to scan one or more machines and automatically launch the matching exploits.

Finally, I strongly encourage you to test Nmap on your own network to verify that your machines do not present any exploitable flaw.

And if you have other examples of Nmap uses, you can post them in a comment.